security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,006 Commits 1 Branch 57 Tags
2a1124e95eb06cd7ca8e4ce35d1562bd1725481e
Commit Graph

15006 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
tuan 2a1124e95e feat: new rules Linux Package Uninstall (#4098) 2023-03-13 00:04:53 +01:00
frack113 61a6ca59b0 feat: new rule amsi.dll load by uncommon process (#4102) 2023-03-12 23:58:51 +01:00
Nasreddine Bencherchali 6d1135ce40 Merge pull request #4088 from SigmaHQ/update-pipfile 
chore: update pipfile.lock
 2023-03-12 23:57:00 +01:00
Nasreddine Bencherchali 360b6b6cee Merge pull request #4100 from nasbench/pr-issue-templates 
feat: update PULL_REQUEST_TEMPLATE.md
 2023-03-10 10:27:49 +01:00
Nasreddine Bencherchali 40f355eed7 Update PULL_REQUEST_TEMPLATE.md 2023-03-10 01:42:05 +01:00
Zeta 9da9da80d3 Update ATT&CK Techniques and Tactics (#4096) 2023-03-10 01:21:42 +01:00
Nasreddine Bencherchali 3b11cafc57 Merge pull request #4091 from nasbench/nasbench-rule-devel 
feat: update and fixes
 2023-03-07 18:07:57 +01:00
Nasreddine Bencherchali 149256b0b9 fix: add missing modified date 2023-03-07 17:50:14 +01:00
Nasreddine Bencherchali 556e445e22 fix: update rules/windows/process_creation/proc_creation_win_hktl_powersploit_empire_default_schtasks.yml 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-03-07 17:49:21 +01:00
Nasreddine Bencherchali 7303137b14 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-07 17:07:12 +01:00
Nasreddine Bencherchali 2883c2e714 fix: test errors 2023-03-07 14:23:44 +01:00
Nasreddine Bencherchali 05adb156e7 feat: update test 2023-03-07 14:14:21 +01:00
Nasreddine Bencherchali 1378cf6d75 feat: update cmd based rules 2023-03-07 14:13:57 +01:00
Nasreddine Bencherchali e2d48cf455 chore: rename wscript/cscript only rules 2023-03-06 01:09:29 +01:00
Nasreddine Bencherchali e5c75d3232 fix: shorten filenames 2023-03-06 00:55:03 +01:00
Nasreddine Bencherchali e3503d5d60 feat: more updates 2023-03-06 00:39:26 +01:00
Nasreddine Bencherchali 2755bcfe80 Merge pull request #4093 from frack113/T1112 
feat: update rule with `MicrosoftRedirectionURL` registry key
 2023-03-05 15:43:21 +01:00
frack113 d8a7228c68 Add MicrosoftRedirectionURL 2023-03-05 15:10:18 +01:00
Florian Roth 559b7b4bf9 Merge pull request #4090 from fukusuket/fix-modifier-endswith-typo 
fix `endswith` modifier typo
 2023-03-04 12:52:41 +01:00
fukusuket 8b5a254d4f fix: update modified 2023-03-04 20:40:48 +09:00
fukusuket d0e1bd5cfa fix endswith typo 2023-03-04 20:36:28 +09:00
frack113 fe96795c34 Merge pull request #4089 from fukusuket/fix-deprecated-status-typo 
fix :`deprecated` status typo
 2023-03-04 08:36:30 +01:00
fukusuket 1896aee5cb update modified 2023-03-04 16:07:17 +09:00
fukusuket 31e14f8b63 fix status typo 2023-03-04 16:06:45 +09:00
Nasreddine Bencherchali e0b3137514 Update Pipfile.lock 2023-03-03 15:44:50 +01:00
frack113 05e1d235e7 Merge pull request #4086 from frack113/auto_lf 
Normalize LF
 2023-03-03 11:29:22 +01:00
frack113 0afaada946 Update .gitattributes 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-03 11:16:59 +01:00
Nasreddine Bencherchali 4439d85ea5 chore: renames with new sigma convention 2023-03-03 00:21:25 +01:00
frack113 fb755788ab Normalize LF 2023-03-02 17:52:48 +01:00
Nasreddine Bencherchali a93853bd20 Merge pull request #4082 from nasbench/nasbench-rule-devel 
feat: update and fixes
 2023-03-02 13:46:29 +01:00
Nasreddine Bencherchali eae48afc53 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-03-01 19:10:50 +01:00
Nasreddine Bencherchali cfea7a7bcc fix: apply 2nd batch of suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-01 18:45:26 +01:00
Nasreddine Bencherchali 46671f0905 Merge pull request #4085 from markus-nclose/master 
feat: enhance renamed binaries rule with reg.exe
 2023-03-01 14:13:53 +01:00
Nasreddine Bencherchali bd9f82efa2 Merge pull request #4084 from nasbench/master 
chore: rollback previous state of the rule
 2023-03-01 14:12:46 +01:00
Nasreddine Bencherchali 8649d31048 fix: update modified field 2023-03-01 13:52:03 +01:00
markus-nclose 5d7fe8823b Add reg.exe 
Reg.exe for Qakbot defense evasion.
https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB17_28.02.2023.txt
xcopy  C:\Windows\\\\\\system32\\\\\\reg.exe C:\Users\Admin\AppData\Local\Temp\glanduleHoratory.exe /h /s /e
 2023-03-01 13:27:59 +02:00
Nasreddine Bencherchali 3c425a0b03 Merge branch 'SigmaHQ:master' into master 2023-02-28 21:10:47 +01:00
Nasreddine Bencherchali 1950fd389a fix: rollback previous state of the rule 2023-02-28 21:10:08 +01:00
Nasreddine Bencherchali b584dd198e Merge pull request #4074 from pfpt-dmiller/patch-1 
feat: add new dns rule related to socgholish c2
 2023-02-28 18:28:56 +01:00
Nasreddine Bencherchali f5f6ec3e64 fix: update modifiers 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-02-28 18:27:41 +01:00
Nasreddine Bencherchali 7da6ac6654 fix: apply typo fix suggestions from code review 
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
 2023-02-28 16:55:40 +01:00
Nasreddine Bencherchali 1353d57485 fix: issues with CICD 2023-02-28 15:59:13 +01:00
Nasreddine Bencherchali 5689263f30 fix: add missing modified 2023-02-28 15:44:37 +01:00
Nasreddine Bencherchali 137dcbcc50 feat: more updates and fixes 2023-02-28 15:22:25 +01:00
Nasreddine Bencherchali 2234b7d180 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-02-28 12:34:41 +01:00
Nasreddine Bencherchali 6633ba56c4 Merge pull request #4081 from phantinuss/master 
fix: FP found in testing environment
 2023-02-28 12:25:05 +01:00
phantinuss b61ec0d515 restrict System process using PID 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2023-02-28 12:16:55 +01:00
phantinuss 8cf0de3776 fix: FP found in testing environment 2023-02-28 10:22:47 +01:00
Nasreddine Bencherchali 7f18403f51 Merge pull request #4077 from frack113/firewall 
feat: add win_firewall_as_add_rule_susp_folder
 2023-02-27 21:26:39 +01:00
frack113 506e124135 Update win_firewall_as_add_rule_susp_folder.yml 2023-02-27 17:36:44 +01:00